@howlil/ez-agents 3.1.0 → 3.4.2

package/ez-agents/bin/lib/safe-exec.cjs

@@ -1,21 +1,23 @@
 #!/usr/bin/env node
 
 /**
- * GSD Safe Exec — Secure command execution with allowlist and validation
- * 
+ * EZ Safe Exec — Secure command execution with allowlist and validation
+ *
  * Prevents command injection by:
  * - Using execFile instead of execSync with string concatenation
  * - Validating commands against allowlist
  * - Blocking dangerous shell metacharacters in arguments
  * - Logging all commands for audit
- * 
+ * - Cross-platform shell detection (Windows: powershell/cmd, Unix: bash)
+ *
  * Usage:
- *   const { safeExec, safeExecJSON } = require('./safe-exec.cjs');
+ *   const { safeExec, safeExecJSON, getShellConfig } = require('./safe-exec.cjs');
  *   const result = await safeExec('git', ['status']);
  */
 
-const { execFile } = require('child_process');
+const { execFile, spawn } = require('child_process');
 const { promisify } = require('util');
+const os = require('os');
 const execFileAsync = promisify(execFile);
 const Logger = require('./logger.cjs');
 const logger = new Logger();
@@ -30,6 +32,90 @@ const ALLOWED_COMMANDS = new Set([
 // Dangerous shell metacharacters that could enable injection
 const DANGEROUS_PATTERN = /[;&|`$(){}\\<>]/;
 
+/**
+ * Get shell configuration for current platform
+ * Returns shell executable and any platform-specific flags
+ * @returns {{shell: string, shellFlag: string}} - Shell config object
+ */
+function getShellConfig() {
+  const platform = process.platform;
+  
+  if (platform === 'win32') {
+    // Windows: prefer PowerShell if available, fallback to cmd.exe
+    // Check if PowerShell is available
+    try {
+      // PowerShell Core (pwsh) or Windows PowerShell (powershell)
+      const pwshPath = require('path').join(
+        process.env.ProgramFiles || 'C:\\Program Files',
+        'PowerShell', '7', 'pwsh.exe'
+      );
+      if (require('fs').existsSync(pwshPath)) {
+        return { shell: 'pwsh', shellFlag: '-Command' };
+      }
+      return { shell: 'powershell', shellFlag: '-Command' };
+    } catch {
+      return { shell: 'cmd', shellFlag: '/C' };
+    }
+  }
+  
+  // Unix-like platforms (macOS, Linux): use bash or sh
+  return { shell: 'bash', shellFlag: '-c' };
+}
+
+/**
+ * Execute a shell command with platform-appropriate shell
+ * @param {string} command - Full command string to execute
+ * @param {Object} options - Execution options
+ * @returns {Promise<string>} - Command stdout
+ */
+async function safeShellExec(command, options = {}) {
+  const { timeout = 30000, log = true } = options;
+  const { shell, shellFlag } = getShellConfig();
+  
+  const startTime = Date.now();
+  
+  try {
+    if (log) {
+      logger.info('Executing shell command', {
+        command,
+        shell,
+        platform: process.platform,
+        timestamp: new Date().toISOString()
+      });
+    }
+    
+    const result = await execFileAsync(shell, [shellFlag, command], {
+      timeout,
+      maxBuffer: 10 * 1024 * 1024, // 10MB buffer
+      windowsHide: true // Prevent console flash on Windows
+    });
+    
+    const duration = Date.now() - startTime;
+    if (log) {
+      logger.debug('Shell command completed', {
+        command,
+        shell,
+        duration,
+        stdout_length: result.stdout?.length || 0
+      });
+    }
+    
+    return result.stdout.trim();
+  } catch (err) {
+    const duration = Date.now() - startTime;
+    logger.error('Shell command failed', {
+      command,
+      shell,
+      error: err.message,
+      duration,
+      code: err.code,
+      signal: err.signal,
+      platform: process.platform
+    });
+    throw err;
+  }
+}
+
 /**
  * Validate command is in allowlist
  * @param {string} cmd - Command to validate

package/ez-agents/bin/lib/safe-path.cjs

@@ -1,130 +1,130 @@
-#!/usr/bin/env node
-
-/**
- * GSD Safe Path — Path traversal prevention utility
- * 
- * Prevents path traversal attacks by:
- * - Resolving and validating paths against base directory
- * - Blocking paths that escape base directory
- * - Handling Windows and Unix path formats
- * - Logging blocked attempts for security audit
- * 
- * Usage:
- *   const { normalizePath, isPathSafe, safeReadFile } = require('./safe-path.cjs');
- *   const safePath = normalizePath(process.cwd(), userPath);
- */
-
-const path = require('path');
-const fs = require('fs');
-const Logger = require('./logger.cjs');
-const logger = new Logger();
-
-/**
- * Normalize and validate a user-provided path against a base directory
- * @param {string} baseDir - Base directory (trusted)
- * @param {string} userPath - User-provided path (untrusted)
- * @returns {string} - Resolved absolute path if safe
- * @throws {Error} If path traversal detected
- */
-function normalizePath(baseDir, userPath) {
-  // Resolve both paths to absolute
-  const resolvedBase = path.resolve(baseDir);
-  const resolvedUser = path.resolve(baseDir, userPath);
-  
-  // Normalize for comparison (handle Windows backslashes)
-  const normalizedBase = resolvedBase + path.sep;
-  
-  // Check if user path is within base directory
-  const isWithin = 
-    resolvedUser === resolvedBase || 
-    resolvedUser.startsWith(normalizedBase);
-  
-  if (!isWithin) {
-    logger.error('Path traversal detected', {
-      baseDir: resolvedBase,
-      userPath,
-      resolvedUser,
-      timestamp: new Date().toISOString()
-    });
-    throw new Error(`Path traversal detected: ${userPath}`);
-  }
-  
-  return resolvedUser;
-}
-
-/**
- * Check if a path is safe (within base directory) without throwing
- * @param {string} baseDir - Base directory (trusted)
- * @param {string} userPath - User-provided path (untrusted)
- * @returns {boolean} - True if path is safe
- */
-function isPathSafe(baseDir, userPath) {
-  try {
-    normalizePath(baseDir, userPath);
-    return true;
-  } catch (err) {
-    return false;
-  }
-}
-
-/**
- * Validate path exists and is safe
- * @param {string} baseDir - Base directory
- * @param {string} userPath - User-provided path
- * @returns {string} - Resolved path if exists and safe
- * @throws {Error} If not found or traversal detected
- */
-function validatePathExists(baseDir, userPath) {
-  const resolvedPath = normalizePath(baseDir, userPath);
-  
-  if (!fs.existsSync(resolvedPath)) {
-    logger.warn('Path does not exist', {
-      resolvedPath,
-      userPath
-    });
-    throw new Error(`Path not found: ${userPath}`);
-  }
-  
-  return resolvedPath;
-}
-
-/**
- * Safely read a file (validates path before reading)
- * @param {string} baseDir - Base directory
- * @param {string} userPath - User-provided path
- * @param {string} encoding - File encoding (default: utf-8)
- * @returns {string} - File content
- * @throws {Error} If path unsafe or file not found
- */
-function safeReadFile(baseDir, userPath, encoding = 'utf-8') {
-  const resolvedPath = validatePathExists(baseDir, userPath);
-  
-  logger.debug('Reading file', { resolvedPath, userPath });
-  
-  return fs.readFileSync(resolvedPath, encoding);
-}
-
-/**
- * Get relative path from base, with validation
- * @param {string} baseDir - Base directory
- * @param {string} fullPath - Full path to convert
- * @returns {string} - Relative path or throws if outside base
- */
-function toRelativePath(baseDir, fullPath) {
-  const resolvedFull = path.resolve(fullPath);
-  const resolvedBase = path.resolve(baseDir);
-  
-  if (!isPathSafe(baseDir, resolvedFull)) {
-    throw new Error(`Path outside base: ${fullPath}`);
-  }
-  
-  return path.relative(resolvedBase, resolvedFull);
-}
-
-module.exports = {
-  normalizePath,
-  isPathSafe,
-  validatePathExists,
-  safeReadFile,
-  toRelativePath
-};
+#!/usr/bin/env node
+
+/**
+ * EZ Safe Path — Path traversal prevention utility
+ * 
+ * Prevents path traversal attacks by:
+ * - Resolving and validating paths against base directory
+ * - Blocking paths that escape base directory
+ * - Handling Windows and Unix path formats
+ * - Logging blocked attempts for security audit
+ * 
+ * Usage:
+ *   const { normalizePath, isPathSafe, safeReadFile } = require('./safe-path.cjs');
+ *   const safePath = normalizePath(process.cwd(), userPath);
+ */
+
+const path = require('path');
+const fs = require('fs');
+const Logger = require('./logger.cjs');
+const logger = new Logger();
+
+/**
+ * Normalize and validate a user-provided path against a base directory
+ * @param {string} baseDir - Base directory (trusted)
+ * @param {string} userPath - User-provided path (untrusted)
+ * @returns {string} - Resolved absolute path if safe
+ * @throws {Error} If path traversal detected
+ */
+function normalizePath(baseDir, userPath) {
+  // Resolve both paths to absolute
+  const resolvedBase = path.resolve(baseDir);
+  const resolvedUser = path.resolve(baseDir, userPath);
+  
+  // Normalize for comparison (handle Windows backslashes)
+  const normalizedBase = resolvedBase + path.sep;
+  
+  // Check if user path is within base directory
+  const isWithin = 
+    resolvedUser === resolvedBase || 
+    resolvedUser.startsWith(normalizedBase);
+  
+  if (!isWithin) {
+    logger.error('Path traversal detected', {
+      baseDir: resolvedBase,
+      userPath,
+      resolvedUser,
+      timestamp: new Date().toISOString()
+    });
+    throw new Error(`Path traversal detected: ${userPath}`);
+  }
+  
+  return resolvedUser;
+}
+
+/**
+ * Check if a path is safe (within base directory) without throwing
+ * @param {string} baseDir - Base directory (trusted)
+ * @param {string} userPath - User-provided path (untrusted)
+ * @returns {boolean} - True if path is safe
+ */
+function isPathSafe(baseDir, userPath) {
+  try {
+    normalizePath(baseDir, userPath);
+    return true;
+  } catch (err) {
+    return false;
+  }
+}
+
+/**
+ * Validate path exists and is safe
+ * @param {string} baseDir - Base directory
+ * @param {string} userPath - User-provided path
+ * @returns {string} - Resolved path if exists and safe
+ * @throws {Error} If not found or traversal detected
+ */
+function validatePathExists(baseDir, userPath) {
+  const resolvedPath = normalizePath(baseDir, userPath);
+  
+  if (!fs.existsSync(resolvedPath)) {
+    logger.warn('Path does not exist', {
+      resolvedPath,
+      userPath
+    });
+    throw new Error(`Path not found: ${userPath}`);
+  }
+  
+  return resolvedPath;
+}
+
+/**
+ * Safely read a file (validates path before reading)
+ * @param {string} baseDir - Base directory
+ * @param {string} userPath - User-provided path
+ * @param {string} encoding - File encoding (default: utf-8)
+ * @returns {string} - File content
+ * @throws {Error} If path unsafe or file not found
+ */
+function safeReadFile(baseDir, userPath, encoding = 'utf-8') {
+  const resolvedPath = validatePathExists(baseDir, userPath);
+  
+  logger.debug('Reading file', { resolvedPath, userPath });
+  
+  return fs.readFileSync(resolvedPath, encoding);
+}
+
+/**
+ * Get relative path from base, with validation
+ * @param {string} baseDir - Base directory
+ * @param {string} fullPath - Full path to convert
+ * @returns {string} - Relative path or throws if outside base
+ */
+function toRelativePath(baseDir, fullPath) {
+  const resolvedFull = path.resolve(fullPath);
+  const resolvedBase = path.resolve(baseDir);
+  
+  if (!isPathSafe(baseDir, resolvedFull)) {
+    throw new Error(`Path outside base: ${fullPath}`);
+  }
+  
+  return path.relative(resolvedBase, resolvedFull);
+}
+
+module.exports = {
+  normalizePath,
+  isPathSafe,
+  validatePathExists,
+  safeReadFile,
+  toRelativePath
+};